Reply-To: Sean Christopherson
Date: Thu, 18 Sep 2025 17:59:50 -0700
In-Reply-To:
<20250919005955.1366256-1-seanjc@google.com>
References: <20250919005955.1366256-1-seanjc@google.com>
Message-ID: <20250919005955.1366256-5-seanjc@google.com>
Subject: [PATCH 4/9] KVM: VMX: Use kvm_mmu_page role to construct EPTP, not current vCPU state
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Use the role for the to-be-loaded/invalidated EPT root to compute the root's level and A/D enablement instead of pulling the information from the vCPU (e.g. by passing in the root level and querying vmcs12). Not making unnecessary assumptions about the root will allow invalidating arbitrary EPT roots (which sadly requires a full EPTP) at any given time.

No functional change intended (the end result should be the same).

Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx/vmx.c | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 74dba9f1d098..cf2d44044da5 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -3201,20 +3201,40 @@ static inline int vmx_get_current_vpid(struct kvm_v= cpu *vcpu) return to_vmx(vcpu)->vpid; } =20 -static u64 construct_eptp(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_= level) +static u64 construct_eptp(hpa_t root_hpa) { - u64 eptp =3D VMX_EPTP_MT_WB; + u64 eptp =3D root_hpa | VMX_EPTP_MT_WB; + struct kvm_mmu_page *root; =20 - eptp |=3D (root_level =3D=3D 5) ? VMX_EPTP_PWL_5 : VMX_EPTP_PWL_4; + if (kvm_mmu_is_dummy_root(root_hpa)) + return eptp | VMX_EPTP_PWL_4; =20 - if (enable_ept_ad_bits && - (!is_guest_mode(vcpu) || nested_ept_ad_enabled(vcpu))) + /* + * EPT roots should always have an associated MMU page. Return a "bad" + * EPTP to induce VM-Fail instead of continuing on in a unknown state. + */ + root =3D root_to_sp(root_hpa); + if (WARN_ON_ONCE(!root)) + return INVALID_PAGE; + + eptp |=3D (root->role.level =3D=3D 5) ? VMX_EPTP_PWL_5 : VMX_EPTP_PWL_4; + + if (enable_ept_ad_bits && !root->role.ad_disabled) eptp |=3D VMX_EPTP_AD_ENABLE_BIT; - eptp |=3D root_hpa; =20 return eptp; } =20 +static void vmx_flush_tlb_ept_root(hpa_t root_hpa) +{ + u64 eptp =3D construct_eptp(root_hpa); + + if (VALID_PAGE(eptp)) + ept_sync_context(eptp); + else + ept_sync_global(); +} + void vmx_flush_tlb_current(struct kvm_vcpu *vcpu) { struct kvm_mmu *mmu =3D vcpu->arch.mmu; @@ -3225,8 +3245,7 @@ void vmx_flush_tlb_current(struct kvm_vcpu *vcpu) return; =20 if (enable_ept) - ept_sync_context(construct_eptp(vcpu, root_hpa, - mmu->root_role.level)); + vmx_flush_tlb_ept_root(root_hpa); else vpid_sync_context(vmx_get_current_vpid(vcpu)); } 
@@ -3397,11 +3416,11 @@ void vmx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t = root_hpa, int root_level) struct kvm *kvm =3D vcpu->kvm; bool update_guest_cr3 =3D true; unsigned long guest_cr3; - u64 eptp; =20 if (enable_ept) { - eptp =3D construct_eptp(vcpu, root_hpa, root_level); - vmcs_write64(EPT_POINTER, eptp); + KVM_MMU_WARN_ON(root_to_sp(root_hpa) && + root_level !=3D root_to_sp(root_hpa)->role.level); + vmcs_write64(EPT_POINTER, construct_eptp(root_hpa)); =20 hv_track_root_tdp(vcpu, root_hpa); =20 --=20 2.51.0.470.ga7dc726c21-goog
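
Review bot: in the construct_eptp() hunk (@@ -3201), the new kvm_mmu_is_dummy_root() early return hardcodes VMX_EPTP_PWL_4 and never sets VMX_EPTP_AD_ENABLE_BIT, whereas the removed code took the level from root_level and the A/D bit from enable_ept_ad_bits plus guest-mode state for every root it was handed. That is a visible difference from the changelog's "No functional change intended", so a short comment above the early return saying why level and A/D do not matter for the dummy root would help. Separately, the failure path returns INVALID_PAGE, an hpa_t sentinel, through a u64 EPTP, and vmx_flush_tlb_ept_root() then tests it with VALID_PAGE(eptp); that is only sound if the sentinel can never collide with a legal EPTP encoding, which deserves a comment or a dedicated invalid-EPTP define. Nit: "a unknown state" in the new comment should be "an unknown state".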
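
Review bot: in the vmx_flush_tlb_current() hunk (@@ -3225), the flush path stops passing mmu->root_role.level and now trusts the level stored in the root's kvm_mmu_page, but it gets no cross-check equivalent to the KVM_MMU_WARN_ON added in vmx_load_mmu_pgd(). Either add the same assertion here or say in the changelog why the two can never disagree on this path. It is also worth noting in the changelog that, when construct_eptp() hits its WARN path, this caller now falls back to ept_sync_global() rather than a single-context flush.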
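
Review bot: in the vmx_load_mmu_pgd() hunk (@@ -3397), the KVM_MMU_WARN_ON condition calls root_to_sp(root_hpa) twice and construct_eptp(root_hpa) then looks the page up a third time. A local struct kvm_mmu_page pointer would make the check easier to read. As far as this hunk shows, root_level now feeds only that assertion in the enable_ept branch, so a comment stating that the parameter is kept purely as a sanity check (or a follow-up to drop it) would avoid confusion about which value is authoritative for the EPTP.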